Elsto

Researcher from issues.asterisk.org users
#48726 of 53,624
5 Total CVSS
Vulnerabilities · 1
PT-2010-2205
5.0
2010-02-04
Digium · Asterisk Business Edition · CVE-2010-0441
**Name of the Vulnerable Software and Affected Versions**

- Asterisk Open Source versions 1.6.0.x through 1.6.0.21
- Asterisk Open Source versions 1.6.1.x through 1.6.1.13
- Asterisk Open Source versions 1.6.2.x through 1.6.2.1
- Asterisk Business Edition C.3 versions prior to C.3.3.2

**Description**

The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved via an SIP T.38 negotiation with an SDP `FaxMaxDatagram` field that is either missing, modified to contain a negative number, or modified to contain a large number.

**Recommendations**

- For Asterisk Open Source versions 1.6.0.x through 1.6.0.21, update to version 1.6.0.22 or later.
- For Asterisk Open Source versions 1.6.1.x through 1.6.1.13, update to version 1.6.1.14 or later.
- For Asterisk Open Source versions 1.6.2.x through 1.6.2.1, update to version 1.6.2.2 or later.
- For Asterisk Business Edition C.3 versions prior to C.3.3.2, update to version C.3.3.2 or later.